<html><body>
<style>

body, h1, h2, h3, div, span, p, pre, a {
  margin: 0;
  padding: 0;
  border: 0;
  font-weight: inherit;
  font-style: inherit;
  font-size: 100%;
  font-family: inherit;
  vertical-align: baseline;
}

body {
  font-size: 13px;
  padding: 1em;
}

h1 {
  font-size: 26px;
  margin-bottom: 1em;
}

h2 {
  font-size: 24px;
  margin-bottom: 1em;
}

h3 {
  font-size: 20px;
  margin-bottom: 1em;
  margin-top: 1em;
}

pre, code {
  line-height: 1.5;
  font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
}

pre {
  margin-top: 0.5em;
}

h1, h2, h3, p {
  font-family: Arial, sans serif;
}

h1, h2, h3 {
  border-bottom: solid #CCC 1px;
}

.toc_element {
  margin-top: 0.5em;
}

.firstline {
  margin-left: 2 em;
}

.method  {
  margin-top: 1em;
  border: solid 1px #CCC;
  padding: 1em;
  background: #EEE;
}

.details {
  font-weight: bold;
  font-size: 14px;
}

</style>

<h1><a href="admin_directory_v1.html">Admin SDK API</a> . <a href="admin_directory_v1.roleAssignments.html">roleAssignments</a></h1>
<h2>Instance Methods</h2>
<p class="toc_element">
  <code><a href="#close">close()</a></code></p>
<p class="firstline">Close httplib2 connections.</p>
<p class="toc_element">
  <code><a href="#delete">delete(customer, roleAssignmentId, x__xgafv=None)</a></code></p>
<p class="firstline">Deletes a role assignment.</p>
<p class="toc_element">
  <code><a href="#get">get(customer, roleAssignmentId, x__xgafv=None)</a></code></p>
<p class="firstline">Retrieves a role assignment.</p>
<p class="toc_element">
  <code><a href="#insert">insert(customer, body=None, x__xgafv=None)</a></code></p>
<p class="firstline">Creates a role assignment.</p>
<p class="toc_element">
  <code><a href="#list">list(customer, includeIndirectRoleAssignments=None, maxResults=None, pageToken=None, roleId=None, userKey=None, x__xgafv=None)</a></code></p>
<p class="firstline">Retrieves a paginated list of all roleAssignments.</p>
<p class="toc_element">
  <code><a href="#list_next">list_next()</a></code></p>
<p class="firstline">Retrieves the next page of results.</p>
<h3>Method Details</h3>
<div class="method">
    <code class="details" id="close">close()</code>
  <pre>Close httplib2 connections.</pre>
</div>

<div class="method">
    <code class="details" id="delete">delete(customer, roleAssignmentId, x__xgafv=None)</code>
  <pre>Deletes a role assignment.

Args:
  customer: string, Immutable ID of the Google Workspace account. (required)
  roleAssignmentId: string, Immutable ID of the role assignment. (required)
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format
</pre>
</div>

<div class="method">
    <code class="details" id="get">get(customer, roleAssignmentId, x__xgafv=None)</code>
  <pre>Retrieves a role assignment.

Args:
  customer: string, The unique ID for the customer&#x27;s Google Workspace account. In case of a multi-domain account, to fetch all groups for a customer, use this field instead of `domain`. You can also use the `my_customer` alias to represent your account&#x27;s `customerId`. The `customerId` is also returned as part of the [Users](https://developers.google.com/workspace/admin/directory/v1/reference/users) resource. You must provide either the `customer` or the `domain` parameter. (required)
  roleAssignmentId: string, Immutable ID of the role assignment. (required)
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # Defines an assignment of a role.
  &quot;assignedTo&quot;: &quot;A String&quot;, # The unique ID of the entity this role is assigned to—either the `user_id` of a user, the `group_id` of a group, or the `uniqueId` of a service account as defined in [Identity and Access Management (IAM)](https://cloud.google.com/iam/docs/reference/rest/v1/projects.serviceAccounts).
  &quot;assigneeType&quot;: &quot;A String&quot;, # Output only. The type of the assignee (`USER` or `GROUP`).
  &quot;condition&quot;: &quot;A String&quot;, # Optional. The condition associated with this role assignment. Note: Feature is available to Enterprise Standard, Enterprise Plus, Google Workspace for Education Plus and Cloud Identity Premium customers. A `RoleAssignment` with the `condition` field set will only take effect when the resource being accessed meets the condition. If `condition` is empty, the role (`role_id`) is applied to the actor (`assigned_to`) at the scope (`scope_type`) unconditionally. Currently, the following conditions are supported: - To make the `RoleAssignment` only applicable to [Security Groups](https://cloud.google.com/identity/docs/groups#group_types): `api.getAttribute(&#x27;cloudidentity.googleapis.com/groups.labels&#x27;, []).hasAny([&#x27;groups.security&#x27;]) &amp;&amp; resource.type == &#x27;cloudidentity.googleapis.com/Group&#x27;` - To make the `RoleAssignment` not applicable to [Security Groups](https://cloud.google.com/identity/docs/groups#group_types): `!api.getAttribute(&#x27;cloudidentity.googleapis.com/groups.labels&#x27;, []).hasAny([&#x27;groups.security&#x27;]) &amp;&amp; resource.type == &#x27;cloudidentity.googleapis.com/Group&#x27;` Currently, the condition strings have to be verbatim and they only work with the following [pre-built administrator roles](https://support.google.com/a/answer/2405986): - Groups Editor - Groups Reader The condition follows [Cloud IAM condition syntax](https://cloud.google.com/iam/docs/conditions-overview). - To make the `RoleAssignment` not applicable to [Locked Groups](https://cloud.google.com/identity/docs/groups#group_types): `!api.getAttribute(&#x27;cloudidentity.googleapis.com/groups.labels&#x27;, []).hasAny([&#x27;groups.locked&#x27;]) &amp;&amp; resource.type == &#x27;cloudidentity.googleapis.com/Group&#x27;` This condition can also be used in conjunction with a Security-related condition.
  &quot;etag&quot;: &quot;A String&quot;, # ETag of the resource.
  &quot;kind&quot;: &quot;admin#directory#roleAssignment&quot;, # The type of the API resource. This is always `admin#directory#roleAssignment`.
  &quot;orgUnitId&quot;: &quot;A String&quot;, # If the role is restricted to an organization unit, this contains the ID for the organization unit the exercise of this role is restricted to.
  &quot;roleAssignmentId&quot;: &quot;A String&quot;, # ID of this roleAssignment.
  &quot;roleId&quot;: &quot;A String&quot;, # The ID of the role that is assigned.
  &quot;scopeType&quot;: &quot;A String&quot;, # The scope in which this role is assigned.
}</pre>
</div>

<div class="method">
    <code class="details" id="insert">insert(customer, body=None, x__xgafv=None)</code>
  <pre>Creates a role assignment.

Args:
  customer: string, Immutable ID of the Google Workspace account. (required)
  body: object, The request body.
    The object takes the form of:

{ # Defines an assignment of a role.
  &quot;assignedTo&quot;: &quot;A String&quot;, # The unique ID of the entity this role is assigned to—either the `user_id` of a user, the `group_id` of a group, or the `uniqueId` of a service account as defined in [Identity and Access Management (IAM)](https://cloud.google.com/iam/docs/reference/rest/v1/projects.serviceAccounts).
  &quot;assigneeType&quot;: &quot;A String&quot;, # Output only. The type of the assignee (`USER` or `GROUP`).
  &quot;condition&quot;: &quot;A String&quot;, # Optional. The condition associated with this role assignment. Note: Feature is available to Enterprise Standard, Enterprise Plus, Google Workspace for Education Plus and Cloud Identity Premium customers. A `RoleAssignment` with the `condition` field set will only take effect when the resource being accessed meets the condition. If `condition` is empty, the role (`role_id`) is applied to the actor (`assigned_to`) at the scope (`scope_type`) unconditionally. Currently, the following conditions are supported: - To make the `RoleAssignment` only applicable to [Security Groups](https://cloud.google.com/identity/docs/groups#group_types): `api.getAttribute(&#x27;cloudidentity.googleapis.com/groups.labels&#x27;, []).hasAny([&#x27;groups.security&#x27;]) &amp;&amp; resource.type == &#x27;cloudidentity.googleapis.com/Group&#x27;` - To make the `RoleAssignment` not applicable to [Security Groups](https://cloud.google.com/identity/docs/groups#group_types): `!api.getAttribute(&#x27;cloudidentity.googleapis.com/groups.labels&#x27;, []).hasAny([&#x27;groups.security&#x27;]) &amp;&amp; resource.type == &#x27;cloudidentity.googleapis.com/Group&#x27;` Currently, the condition strings have to be verbatim and they only work with the following [pre-built administrator roles](https://support.google.com/a/answer/2405986): - Groups Editor - Groups Reader The condition follows [Cloud IAM condition syntax](https://cloud.google.com/iam/docs/conditions-overview). - To make the `RoleAssignment` not applicable to [Locked Groups](https://cloud.google.com/identity/docs/groups#group_types): `!api.getAttribute(&#x27;cloudidentity.googleapis.com/groups.labels&#x27;, []).hasAny([&#x27;groups.locked&#x27;]) &amp;&amp; resource.type == &#x27;cloudidentity.googleapis.com/Group&#x27;` This condition can also be used in conjunction with a Security-related condition.
  &quot;etag&quot;: &quot;A String&quot;, # ETag of the resource.
  &quot;kind&quot;: &quot;admin#directory#roleAssignment&quot;, # The type of the API resource. This is always `admin#directory#roleAssignment`.
  &quot;orgUnitId&quot;: &quot;A String&quot;, # If the role is restricted to an organization unit, this contains the ID for the organization unit the exercise of this role is restricted to.
  &quot;roleAssignmentId&quot;: &quot;A String&quot;, # ID of this roleAssignment.
  &quot;roleId&quot;: &quot;A String&quot;, # The ID of the role that is assigned.
  &quot;scopeType&quot;: &quot;A String&quot;, # The scope in which this role is assigned.
}

  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # Defines an assignment of a role.
  &quot;assignedTo&quot;: &quot;A String&quot;, # The unique ID of the entity this role is assigned to—either the `user_id` of a user, the `group_id` of a group, or the `uniqueId` of a service account as defined in [Identity and Access Management (IAM)](https://cloud.google.com/iam/docs/reference/rest/v1/projects.serviceAccounts).
  &quot;assigneeType&quot;: &quot;A String&quot;, # Output only. The type of the assignee (`USER` or `GROUP`).
  &quot;condition&quot;: &quot;A String&quot;, # Optional. The condition associated with this role assignment. Note: Feature is available to Enterprise Standard, Enterprise Plus, Google Workspace for Education Plus and Cloud Identity Premium customers. A `RoleAssignment` with the `condition` field set will only take effect when the resource being accessed meets the condition. If `condition` is empty, the role (`role_id`) is applied to the actor (`assigned_to`) at the scope (`scope_type`) unconditionally. Currently, the following conditions are supported: - To make the `RoleAssignment` only applicable to [Security Groups](https://cloud.google.com/identity/docs/groups#group_types): `api.getAttribute(&#x27;cloudidentity.googleapis.com/groups.labels&#x27;, []).hasAny([&#x27;groups.security&#x27;]) &amp;&amp; resource.type == &#x27;cloudidentity.googleapis.com/Group&#x27;` - To make the `RoleAssignment` not applicable to [Security Groups](https://cloud.google.com/identity/docs/groups#group_types): `!api.getAttribute(&#x27;cloudidentity.googleapis.com/groups.labels&#x27;, []).hasAny([&#x27;groups.security&#x27;]) &amp;&amp; resource.type == &#x27;cloudidentity.googleapis.com/Group&#x27;` Currently, the condition strings have to be verbatim and they only work with the following [pre-built administrator roles](https://support.google.com/a/answer/2405986): - Groups Editor - Groups Reader The condition follows [Cloud IAM condition syntax](https://cloud.google.com/iam/docs/conditions-overview). - To make the `RoleAssignment` not applicable to [Locked Groups](https://cloud.google.com/identity/docs/groups#group_types): `!api.getAttribute(&#x27;cloudidentity.googleapis.com/groups.labels&#x27;, []).hasAny([&#x27;groups.locked&#x27;]) &amp;&amp; resource.type == &#x27;cloudidentity.googleapis.com/Group&#x27;` This condition can also be used in conjunction with a Security-related condition.
  &quot;etag&quot;: &quot;A String&quot;, # ETag of the resource.
  &quot;kind&quot;: &quot;admin#directory#roleAssignment&quot;, # The type of the API resource. This is always `admin#directory#roleAssignment`.
  &quot;orgUnitId&quot;: &quot;A String&quot;, # If the role is restricted to an organization unit, this contains the ID for the organization unit the exercise of this role is restricted to.
  &quot;roleAssignmentId&quot;: &quot;A String&quot;, # ID of this roleAssignment.
  &quot;roleId&quot;: &quot;A String&quot;, # The ID of the role that is assigned.
  &quot;scopeType&quot;: &quot;A String&quot;, # The scope in which this role is assigned.
}</pre>
</div>

<div class="method">
    <code class="details" id="list">list(customer, includeIndirectRoleAssignments=None, maxResults=None, pageToken=None, roleId=None, userKey=None, x__xgafv=None)</code>
  <pre>Retrieves a paginated list of all roleAssignments.

Args:
  customer: string, The unique ID for the customer&#x27;s Google Workspace account. In case of a multi-domain account, to fetch all groups for a customer, use this field instead of `domain`. You can also use the `my_customer` alias to represent your account&#x27;s `customerId`. The `customerId` is also returned as part of the [Users](https://developers.google.com/workspace/admin/directory/v1/reference/users) resource. You must provide either the `customer` or the `domain` parameter. (required)
  includeIndirectRoleAssignments: boolean, When set to `true`, fetches indirect role assignments (i.e. role assignment via a group) as well as direct ones. Defaults to `false`. You must specify `user_key` or the indirect role assignments will not be included.
  maxResults: integer, Maximum number of results to return.
  pageToken: string, Token to specify the next page in the list.
  roleId: string, Immutable ID of a role. If included in the request, returns only role assignments containing this role ID.
  userKey: string, The primary email address, alias email address, or unique user or group ID. If included in the request, returns role assignments only for this user or group.
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    {
  &quot;etag&quot;: &quot;A String&quot;, # ETag of the resource.
  &quot;items&quot;: [ # A list of RoleAssignment resources.
    { # Defines an assignment of a role.
      &quot;assignedTo&quot;: &quot;A String&quot;, # The unique ID of the entity this role is assigned to—either the `user_id` of a user, the `group_id` of a group, or the `uniqueId` of a service account as defined in [Identity and Access Management (IAM)](https://cloud.google.com/iam/docs/reference/rest/v1/projects.serviceAccounts).
      &quot;assigneeType&quot;: &quot;A String&quot;, # Output only. The type of the assignee (`USER` or `GROUP`).
      &quot;condition&quot;: &quot;A String&quot;, # Optional. The condition associated with this role assignment. Note: Feature is available to Enterprise Standard, Enterprise Plus, Google Workspace for Education Plus and Cloud Identity Premium customers. A `RoleAssignment` with the `condition` field set will only take effect when the resource being accessed meets the condition. If `condition` is empty, the role (`role_id`) is applied to the actor (`assigned_to`) at the scope (`scope_type`) unconditionally. Currently, the following conditions are supported: - To make the `RoleAssignment` only applicable to [Security Groups](https://cloud.google.com/identity/docs/groups#group_types): `api.getAttribute(&#x27;cloudidentity.googleapis.com/groups.labels&#x27;, []).hasAny([&#x27;groups.security&#x27;]) &amp;&amp; resource.type == &#x27;cloudidentity.googleapis.com/Group&#x27;` - To make the `RoleAssignment` not applicable to [Security Groups](https://cloud.google.com/identity/docs/groups#group_types): `!api.getAttribute(&#x27;cloudidentity.googleapis.com/groups.labels&#x27;, []).hasAny([&#x27;groups.security&#x27;]) &amp;&amp; resource.type == &#x27;cloudidentity.googleapis.com/Group&#x27;` Currently, the condition strings have to be verbatim and they only work with the following [pre-built administrator roles](https://support.google.com/a/answer/2405986): - Groups Editor - Groups Reader The condition follows [Cloud IAM condition syntax](https://cloud.google.com/iam/docs/conditions-overview). - To make the `RoleAssignment` not applicable to [Locked Groups](https://cloud.google.com/identity/docs/groups#group_types): `!api.getAttribute(&#x27;cloudidentity.googleapis.com/groups.labels&#x27;, []).hasAny([&#x27;groups.locked&#x27;]) &amp;&amp; resource.type == &#x27;cloudidentity.googleapis.com/Group&#x27;` This condition can also be used in conjunction with a Security-related condition.
      &quot;etag&quot;: &quot;A String&quot;, # ETag of the resource.
      &quot;kind&quot;: &quot;admin#directory#roleAssignment&quot;, # The type of the API resource. This is always `admin#directory#roleAssignment`.
      &quot;orgUnitId&quot;: &quot;A String&quot;, # If the role is restricted to an organization unit, this contains the ID for the organization unit the exercise of this role is restricted to.
      &quot;roleAssignmentId&quot;: &quot;A String&quot;, # ID of this roleAssignment.
      &quot;roleId&quot;: &quot;A String&quot;, # The ID of the role that is assigned.
      &quot;scopeType&quot;: &quot;A String&quot;, # The scope in which this role is assigned.
    },
  ],
  &quot;kind&quot;: &quot;admin#directory#roleAssignments&quot;, # The type of the API resource. This is always `admin#directory#roleAssignments`.
  &quot;nextPageToken&quot;: &quot;A String&quot;,
}</pre>
</div>

<div class="method">
    <code class="details" id="list_next">list_next()</code>
  <pre>Retrieves the next page of results.

        Args:
          previous_request: The request for the previous page. (required)
          previous_response: The response from the request for the previous page. (required)

        Returns:
          A request object that you can call &#x27;execute()&#x27; on to request the next
          page. Returns None if there are no more items in the collection.
        </pre>
</div>

</body></html>